How do I build a GCP service account IAM binding?
In this guide, we’ll create a Google Cloud Platform (GCP) service account and bind IAM roles to it using Pulumi. This involves creating a service account, defining IAM roles, and associating these roles with the service account.
Key Points:
- Create a GCP service account.
- Define IAM roles.
- Bind the IAM roles to the service account.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// Define a GCP project ID
const projectId = "my-gcp-project";

// Create a GCP service account
const serviceAccount = new gcp.serviceaccount.Account("myServiceAccount", {
    accountId: "my-service-account",
    displayName: "My Service Account",
    project: projectId,
});

// IAM roles to grant to the service account on the project. Both are predefined,
// project-level roles; grant only what the workload actually needs.
const roles = ["roles/storage.admin", "roles/compute.viewer"];

// Grant each role to the service account at the project level.
// gcp.serviceaccount.IAMBinding sets the policy ON the service account (who may
// use or impersonate it) and does not accept project-level roles such as these,
// so a project-level resource is used instead. IAMMember is additive: it leaves
// other members of the role untouched, whereas an IAMBinding is authoritative
// for the role and would remove any member not listed.
roles.forEach(role => {
    // Pulumi logical names should not contain "/" or "."
    const name = `binding-${role.replace("roles/", "").replace(/\./g, "-")}`;
    new gcp.projects.IAMMember(name, {
        project: projectId,
        role: role,
        // serviceAccount.email is an Output, so the member string must be built
        // with pulumi.interpolate rather than a plain template literal
        member: pulumi.interpolate`serviceAccount:${serviceAccount.email}`,
    });
});

// Export the service account email
export const serviceAccountEmail = serviceAccount.email;
```
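A pre-flight check for the role list, as an added example that is not part of the original page or of the Pulumi SDK: it sorts each role into the Pulumi resource that can carry it (`gcp.serviceaccount.IAMBinding` for roles granted on the service account itself, a project-level resource such as `gcp.projects.IAMMember` for roles the service account needs on project resources), derives a safe Pulumi logical name, builds the member string, and flags basic and `*.admin` roles for least-privilege review. It runs without the Pulumi SDK; the set of service-account-scoped roles is illustrative, not exhaustive.

```typescript
// Predefined roles whose resource is the service account itself (illustrative list,
// an assumption of this example; extend it for your environment).
const SERVICE_ACCOUNT_SCOPED_ROLES = new Set<string>([
    "roles/iam.serviceAccountUser",
    "roles/iam.serviceAccountTokenCreator",
    "roles/iam.serviceAccountKeyAdmin",
    "roles/iam.workloadIdentityUser",
]);

type BindingScope = "serviceAccount" | "project";

interface PlannedBinding {
    resourceName: string;  // Pulumi logical name without "/" or "."
    scope: BindingScope;   // serviceaccount.IAMBinding vs. projects.IAMMember
    role: string;
    member: string;        // "serviceAccount:<email>"
    broad: boolean;        // flagged for least-privilege review
}

// Derive a Pulumi logical name from the role, e.g. "binding-storage-admin".
function resourceNameForRole(role: string): string {
    return "binding-" + role.replace(/^roles\//, "").replace(/[^A-Za-z0-9]+/g, "-");
}

// Build the IAM member string; only service account emails are accepted.
function memberForServiceAccount(email: string): string {
    if (!/^[^@\s]+@[^@\s]+\.gserviceaccount\.com$/.test(email)) {
        throw new Error(`not a service account email: ${email}`);
    }
    return `serviceAccount:${email}`;
}

function scopeForRole(role: string): BindingScope {
    return SERVICE_ACCOUNT_SCOPED_ROLES.has(role) ? "serviceAccount" : "project";
}

// Basic roles and "*.admin" roles grant far more than most workloads need.
function isBroadRole(role: string): boolean {
    return /^roles\/(owner|editor|viewer)$/.test(role) || /\.admin$/i.test(role);
}

function planBindings(email: string, roles: string[]): PlannedBinding[] {
    const member = memberForServiceAccount(email);
    return roles.map(role => ({
        resourceName: resourceNameForRole(role),
        scope: scopeForRole(role),
        role,
        member,
        broad: isBroadRole(role),
    }));
}
```

Each entry with scope `project` maps to a `gcp.projects.IAMMember`, each with scope `serviceAccount` to a `gcp.serviceaccount.IAMBinding`; entries flagged `broad` deserve a second look before they are deployed.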
Summary
In this guide, we created a GCP service account and granted IAM roles to it using Pulumi. We defined the service account, listed the required IAM roles, and bound each role to the service account at the project level. This setup is the basis for managing permissions and access control for resources in GCP; keep the role list as narrow as the workload allows.